CVE-2019-1003040

jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

Una vulnerabilidad de omisión de sandbox en Jenkins Script Security Plugin, en sus versiones 1.55 y anteriores, permite a los atacantes invocar constructores arbitrarios en los scripts en "sandbox".

A flaw was found in the Jenkins Script Security plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass and cross site scripting vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-28 CVE Reserved
2019-03-28 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE-704: Incorrect Type Conversion or Cast

CAPEC

References (6)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2019/03/28/2	Mailing List
http://www.securityfocus.com/bid/107628	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:1423	2023-10-25
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353	2023-10-25
https://access.redhat.com/security/cve/CVE-2019-1003040	2019-06-10
https://bugzilla.redhat.com/show_bug.cgi?id=1694532	2019-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jenkins Search vendor "Jenkins"		Script Security Search vendor "Jenkins" for product "Script Security"				<= 1.55 Search vendor "Jenkins" for product "Script Security" and version " <= 1.55"		jenkins		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11"		-		Affected